June 22, 2010 at 11:09 am
When installing SQL Server 2008 I followed the instructions in the 2008 training kit and created service accounts for the Database Engine and SQL Server Agent taking the following names: SQL2008TK432DE and SQL2008TK432SQLAgent. Then, I was forced to assign an account name to SQL Full-text Filter Daemon Launcher (I used the admin account) in order to proceed with the installation so I have a total of 3 service accounts or user logins that I have yet to see the value of. The install went fine, however I have yet to run into an juncture at which I need these service accounts.
Will someone please tell me what I am expected to do with service accounts (ie. do I grant specific permissions to them?). When will they come into play and relevance as I get a better grip on SQL Server 2008 admin?:blush:
June 22, 2010 at 12:22 pm
Well I would not assume to know exactly what the creators of the trining kit were thinking exactly but when you say serivce accoutn normally that is a reference to the user the service is started as. If you look at you services there are several now running for SQL server. during install you where also asked during install how these services would be started. If you used some built in account then these accounts may not be useful at all but I would assume it was there intent that you use those accounts to start the services.
Dan
If only I could snap my figures and have all the correct indexes apear and the buffer clean and.... Start day dream here.
June 22, 2010 at 12:25 pm
Service Account is used to start the SQL Service and all the other services that SQL Server needs to operate properly. Look at the services MMC, in there you will see the service names and the accounts that they are running under. These accounts are non-human accounts.
When you create a service account, you simply need to assign "user" permissions, they do not require anything more. You should never, ever assign AD or NT Admin level permissions to a service account. Also, you should never, ever use a human account for a service account. What happens if that human leaves the company. Their NT or AD account leaves too. That means that the SQL Services will not function on that box, after a bounce. And you will be wondering why SQL Server is not starting.
Always use a non-human account for service accounts. And if possible, use Active Directory so that you have only one location to change the password when the time comes.
Andrew SQLDBA
June 22, 2010 at 2:19 pm
In response to Dan.Humphries:
In config manager under services I see that
1. SQL Server Agent is Not Started, Startup Type is Manual, and Log On As: .\Administrator.
2. SQL Full-text Filter is started, Startup type is Automatic, and Log On As Local Server
3. SQL Server Browser is Not Started, Startup Type is Disabled, and Log On As Local Service
4. SQL Server is Started, Startup Type is Automatic, and Log On As .\Administrator
Of the above SQL Server Agent and SQL Server Browser are of most interest to me right now. I don't understand why Agent is Not Started and manual, and why Browser is Not STarted and Disabled. These were default settings during install and I was following the training manual.
These seem like basic services that I will need to schedule and automatic tasks and navigate around SQL Server. How I can get them to be on all the time so that I can use them as needed?
Thank you.
June 22, 2010 at 2:31 pm
In response to Old Hand:
I have my SQL Server installed on a computer that is part of a WorkGroup network (my home), therefore I am not using Active Directory. I also do not have an application layer that connects to the database, but am focusing on the administration layer anyway.
Knowing that I have a stand a lone machine that I am trying to set up to similuate a production environment that is to support a few important applications, what can I do to take the greatest advantage of these service accounts?
Would there ever be a situation where someone logs onto SQL Server on the local machine under any of these user/service accounts, if it were supporting some applications?
June 22, 2010 at 2:51 pm
There should never be an excuse to use a service account by a human.
A service account is meant to run the Windows Service(s), not to be used by a human.
You need to change all the SQL service accounts to use the same login. Not to use the ones that you have currently. You can do that from within the Service MMC.
Create one account to be used as a service account, and use that for all the service accounts for SQL.
Andrew SQLDBA
June 22, 2010 at 3:23 pm
In response to Old Hand:
I restarted my computer and for the love of man I am seeing a different set of states and Log Ons:
1. SSIS Stopped Automatic .\Administrator
2. Full-text Filter Daemon Running Automatic NT AUTHORITY\LOCAL SERVICE
3. SQL Server (MSSQLSERVER) Running Automatic .\Administrator
4. SQL Server Browser Stopped Other NT AUTHORITY\LOCAL SERVICE
5. SQL Server Agent Stopped Manual .\Administrator
Could you please comment on the state of these services and how they should look?
Which account should I set all the services up under? ./Administrator?
I'm reading that MMC is a snap-in that I can install. I am running SQL Server 2008 on Windows Server 2008, so is that the way to go?
ps. more than any other topic in SQL DB admin, my understanding of Service Accounts has been the most elusive. I am striving to understand how they function, their purpose, their added value. All explanations are helping me chip away at this confusion.
Thank you !!!!
June 22, 2010 at 9:47 pm
Andrew, I think I finally know what you mean. I went to properties under the service and see that I am able to specify which account to operate the service under. So, I am using Administrator but I can see that I can use others and it's up to me. Thanks for your time.
June 23, 2010 at 8:41 am
You should Never, ever use an Admin level permission account to run a windows service, use only the least permission level.
And for your question on how should things look.... It all depends on what you are doing.
Some services stop when they are not being used. they will start when you attempt to use that particular app.
I use the same account for all SQL Services, I use other accounts for different services. It all depends on what the service is. Some, I don't care about.
I did not realize that my status was modified and set to "Old Hand"
Andrew SQLDBA
Viewing 9 posts - 1 through 8 (of 8 total)
You must be logged in to reply to this topic. Login to reply